Overview

Affected versions of this package are vulnerable to Sandbox Bypass.
A malicious user with Overall/Read permission, or able to control Jenkins file or sandboxed Pipeline shared library contents in SCM, could bypass the sandbox protection and execute arbitrary code on the Jenkins master.

Remediation

Upgrade org.jenkins-ci.plugins:script-security to version 1.50 or higher.